Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Controlling where output can be processed z/OS JES2 Initialization and Tuning Guide SA32-0991-00 |
|
JES2 normally processes output on any device that matches the output's selection criteria. You might, however, want to control the specific devices certain users can access. For example, you might want the users who process your payroll to be the only users of a particular printer. By defining the device to RACF® (as
a profile in RACF class WRITER), you can limit access to that
device to a user or group of users. When a defined device selects
a piece of output for processing, JES2 passes an authorization request
to SAF; access to the device depends on the response JES2 receives. RACF profile names for devices have the following formats:
Also, if security label verification is active, RACF ensures that the device can write this data depending on the security label specified. If your RACF options require the security label of the device to be equal to or greater than the security label of the output, the device will not be able to process the output. If a device cannot select output because the device does not have
sufficient access to that output, the output remains on the output
queue until you:
RACF also allows your installation to print security labels on printed output that PSF-managed printers process. See z/OS Security Server RACF Security Administrator's Guide for information about printing security labels on job output using RACF. Also, see z/OS MVS JCL User's Guide for information about using the OUTPUT JCL statement to print security labels. |
Copyright IBM Corporation 1990, 2014
|